Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
ElcomSoft Claims It's Able to Recover Deleted iCloud Notes Well Past Apple's 30-Day Window
- Thread starter MacRumors
- Start date
- Sort by reaction score
I suppose we must agree to disagree.
I think that if you have a document that can somehow become a security problem on day 31 (or week 31), then it should not have been in the cloud in the first place.
A.
Last edited:
You can suggest that, but it doesn’t make it right.
Throw a piece of paper into your wastebasket at your office on Monday. It’s in the trash, right? The next day, you see that it’s still in the trash can, right? You could pull it back out. Or you could leave it there. Now, your trash is normally emptied over the wekeend. BUT guess what? This weekend, the cleaners didn’t show up! You come in Monday and OMFG! Your trash is STILL in the trash can! The outrage! I thought that trash was supposed to be DESTROYED over the weekend but it wasn’t! What am I going to do?
Second scenario. You have a piece of paper. You want to permanently destroy it. You toss it into your shred box. Later that day, you walk your box over to the shredder and shred it. No going back now. It’s permenently destroyed. No waiting.
For someone to assume that a note sitting in a “recently deleted” folder should be guaranteed to be 100% destroyed precisely 2,592,000 seconds after it was deleted is asinine.
This would be a story if these Russians were able to pull arbitrary notes or deleted notes from Apple’s servers. Like pulling someone else’s notes. Pulling your own stuff out of the trash 31 days or even 90 days after it was deleted? Not a story to me.
Not really news to some people who've been to conferences in the past year. This really has been a known.. but not widely know issue. Not saying what they've found is good or bad.. but falling into the wrong hands.. this can be a much much bigger issue. I'm hoping Apple will finally take cloud issues more seriously, instead of thinking it's completely locked down.
I did this. I set up a mini server with a vpn router and fixed IP address. My primary machine has everything on it but I can access files from my travel machine as needed via the vpn.
How does that big hard drive help in a fire, technical failure or theft etc.? No backup plan is foolproof.
Like a lot of things that seem to imply that Apple can only do a few things right at any one time.
I think it just means they found a way of accessing their own data that Apple's stated policy implied would not be there after 30 days.
I would prefer for Apple to say what they mean and mean what they say. Sometimes these little surprises work in a customer's favor. Knowing how people accidentally delete things quite often, it's likely that it's usually in the customer's favor...IF the customer knows the data is still there. Otherwise it doesn't benefit the customer at all and just leaves them with a sense that things they wanted to be deleted are gone, when in fact they are not.
It's getting to be a bit of a "thing" with Apple to promote one ideal and actually do something else to undermine it. I'm a bit weary of it myself. I like to hold Apple to a high standard because in the past they've mostly exceeded my expectations. I hope they come around to being that way again.
I hope your right.
[doublepost=1495228048][/doublepost]
I hope not. We need to find out more.
I expect Apple to be better than this. I think it's a BIG DEAL and disappointed some are so quick to shrug it off.
At the top of "Recently Deleted" it prominently says "Notes are permanently deleted after 30 days." Yeah, 31 days no one would care. But up to 5 years? That's beyond awful. Even 2 months is blatantly dishonest.
This is why I use iCloud as little as possible. The notes and pages syncing are convenient enough that I use them though.
I always thought the current fad of "in the cloud" to be a bit ridiculous. Yes it's convenient, but do I really have to send all my info to a server across the country just to sync a calendar event between my desktop and my iPad that are in the same house?
I miss the old school iSync days. There is very rarely a time I need something synced between my phone and my desktop sooner then when I next get home (where they'd be on the same wireless network to talk to each other directly). The worst part of the cloud fad is that many of those direct syncing options stopped being developed.
[doublepost=1495229961][/doublepost]The other thing is obviously these are still on the server, but they are just not showing up on the iPhone. Why not just show them on the iPhone so the user has control? (and could permanently delete them from the server.)
There could be settings for: Immediate, 1 day, 7 days, 30 days, 60 days, 1 year, Never.
I know Apple isn't big on lots of options, but this is one place that could really use it.
I personally hated when they added the Recently Deleted folder to Photos. It just means most of the time I have to immediately go there to really delete stuff and free up space.
At the top of "Recently Deleted" it prominently says "Notes are permanently deleted after 30 days." Yeah, 31 days no one would care. But up to 5 years? That's beyond awful. Even 2 months is blatantly dishonest.
This is why I use iCloud as little as possible. The notes and pages syncing are convenient enough that I use them though.
I always thought the current fad of "in the cloud" to be a bit ridiculous. Yes it's convenient, but do I really have to send all my info to a server across the country just to sync a calendar event between my desktop and my iPad that are in the same house?
I miss the old school iSync days. There is very rarely a time I need something synced between my phone and my desktop sooner then when I next get home (where they'd be on the same wireless network to talk to each other directly). The worst part of the cloud fad is that many of those direct syncing options stopped being developed.
[doublepost=1495229961][/doublepost]The other thing is obviously these are still on the server, but they are just not showing up on the iPhone. Why not just show them on the iPhone so the user has control? (and could permanently delete them from the server.)
There could be settings for: Immediate, 1 day, 7 days, 30 days, 60 days, 1 year, Never.
I know Apple isn't big on lots of options, but this is one place that could really use it.
I personally hated when they added the Recently Deleted folder to Photos. It just means most of the time I have to immediately go there to really delete stuff and free up space.
1. Everyone should no that the data is never gone unless it's written over. Even then...
2. When are we gonna take back coding prowess from the Russians? This is getting embarrassing.
2. When are we gonna take back coding prowess from the Russians? This is getting embarrassing.
As in kind of like Russia being one of the harder hit countries by the latest malware/ransomware?
Which is exactly why it's smart to assume anything you delete is recoverable so don't put sensitive data on some server you have no control over. Apple might not have intentionally done anything. It could've been a bug. Either way the results are the same so if it's sensitive info you wouldn't want out there don't store it in your phone.
I was saying it in jest. Based on current popular culture, it seems Russia is at the root of all things hacking. And, in my opinion, I'd prefer to be the country to be doing the hacking not the hackee.
And they're only the "harder hit" countries 'cause they all run Windows.
Edit: TB smileys don't work on MR replies. They show up in the text but don't post. Just figured that out. Thought I'd share. :|
If you have two bigass hard drives as backups, in two different places. If such a disaster strikes that both are destroyed simultaneously, then you're proabably dead anyway, so it won't matter.
This whole story is not a security issue per se since it refers only to a user's own data. However it raises 2 major questions regarding privacy:
1. Why isn't the apple service working as expected
2. Are the data ever really deleted ? I mean, really deleted, from everywhere and everything.
So, although not an iCloud breach, I'd like to see a proper reply from apple about this, addressing the issues above.
1. Why isn't the apple service working as expected
2. Are the data ever really deleted ? I mean, really deleted, from everywhere and everything.
So, although not an iCloud breach, I'd like to see a proper reply from apple about this, addressing the issues above.
Fine. One thing I can promise you though is that Apple purport to make things clear for idiots and non tech savvy people. I wouldn't mind betting that they do not think like you have suggested.
